Microsoft SharePoint Server vulnerabilities could allow remote code execution
Report ID: MS201309001
Date Published: 11 September 2013
Compromise Type: denial-of-service, remote-code-execution, privilege-escalation
Compromise From: remote
Microsoft Windows SharePoint Services 2.0
Microsoft Windows SharePoint Services 3.0
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft Business Productivity
Word Automation Services
Microsoft Excel Web App 2010
Ten vulnerabilities reported in Microsoft SharePoint Server could lead to denial of service, remote code execution and escalation of privilege.
Microsoft has released a security update to address ten reported vulnerabilities in Microsoft SharePoint Server. One is a denial of service vulnerability caused by improper starting of an unassigned workflow; two are escalation of privilege vulnerabilities caused by improper sanitization of a request; and the other seven are remote code execution vulnerabilities caused by improper handling of objects in memory and improper input validation.
All of these vulnerabilities have been patched in the latest update, and users are advised to install the update on their systems to protect against exploit attempts.
CVE-2013-0081, CVE-2013-1315, CVE-2013-1330, CVE-2013-3179, CVE-2013-3180, CVE-2013-3847, CVE-2013-3848, CVE-2013-3849, CVE-2013-3857, CVE-2013-3858
Install the latest security patch for the applicable system, available for download from https://technet.microsoft.com/en-us/security/bulletin/ms13-067
F-Secure Health Check
F-Secure's free tool, the Health Check, detects if your system is missing the patch for the vulnerability covered in this report.